hello, im also having issues with google directing webpages... now i have followed ur 8 steps but having issues with a couple of them. i scanned with bitdefender and no virus then ccleaner ok and then installed malwarebytes but havent been able to start program on desktop and safemode and also superspyware which wont let me install the program on desktop or safemode. now firefox and internet explorer im having probs with google but opera is ok if that helps. i hope u guys can help as its frustrating.
Google redirecting 8 steps
- Thread starter aussiemate
- Start date
- Status
kritius
Posts: 2,077 +0
Are you able to run HJT from normal mode?
Also,
Rename HijackThis.exe to aussie.exe by doing the following;
Also,
Rename HijackThis.exe to aussie.exe by doing the following;
- Navigate here using Windows Explorer (windows button + E) or My Computer -> Local Disk C: -> C:\Program Files\Trend Micro\HijackThis
- Right-click on the HijackThis.exe
- Choose from the pull-down menu; "Rename"
- And now Rename HijackThis.exe to aussie.exe
- When you've renamed HijackThis, open HijackThis again.
- Take a fresh HijackThis log (click Do a system scan and save a log file)
- Post the fresh HijackThis log here.
hi all, as i said in my first post im still having probs with malwarebytes which wont start up on normal mode and safe mode and i cant install superantispyware on normal and safe mode... i have followed kimsland steps in troubleshooting but still having same probs. ok hope to from u guys as soon as possible
kritius
Posts: 2,077 +0
Fix entries using HiJackThis
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://87.25.173.66:8082/VatDec.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8F6F334-C344-42D1-A94C-2875F633810A}: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.200,85.255.112.182
Delete Domains
Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
Try to use Malwarebytes and SAS again.
Also,
This,
C:\Program Files\Trend Micro\aussie.exe\HijackThis.exe
Should be this,
C:\Program Files\Trend Micro\HijackThis\aussie.exe
This next step is purely optional however viewpoint is considered foistware and is not needed on your computer,
Go to Start > Run and copy/paste or type: taskmgr
Click on Start > Run and type: services.msc
Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.
Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder
I also recommend you uninstall Zone alarm spyblocker,
Since recently, Zonealarm decided to include a "ZoneAlarm Spy Blocker toolbar" as well which is an optional during install.
However, this Toolbar now uses the AskJeeves/Ask.com searchengine.
More info: here.
This Toolbar is not recommened. See here: here.
Source: SpywareInfo/minkiemoes
Post back a fresh log.
- Launch HiJackThis
- Click the Do a system scan only button
- Put a check next to the entries listed below
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - (no file)
O16 - DPF: {210D0CBC-8B17-48D1-B294-1A338DD2EB3A} (VatCtrl Class) - http://87.25.173.66:8082/VatDec.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F8F6F334-C344-42D1-A94C-2875F633810A}: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CS4\Services\Tcpip\Parameters: NameServer = 85.255.112.200,85.255.112.182
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.112.200,85.255.112.182
- IMPORTANT: Do NOT click fix until you exit all browser sessions including the one you are reading in right now
- Click the Fix checked button and close HiJackThis
- Reboot HijackThis if necessary
Delete Domains
Right click on this link DelO15Domains.inf and choose Save As. Save it to your desktop. Right click on that file and choose Install. It will run immediately (you won't be able to see anything happen). You may delete it afterwards. NOTE: This script will delete any sites you may have added to the Trusted Sites. So if you want them back, you have to add them back to the Trusted Sites again.
Try to use Malwarebytes and SAS again.
Also,
This,
C:\Program Files\Trend Micro\aussie.exe\HijackThis.exe
Should be this,
C:\Program Files\Trend Micro\HijackThis\aussie.exe
This next step is purely optional however viewpoint is considered foistware and is not needed on your computer,
Go to Start > Run and copy/paste or type: taskmgr
- Under the Processes tab find the following tasks or processes:
ViewpointService.exe
ViewMgr.exe
- Highlight and click "End Process".
- Exit Task Manager.
Click on Start > Run and type: services.msc
- Press "OK".
- Click the "Extended tab".
- Scroll down the list and find the service called "Viewpoint Manager Service"
- When you find the service, double-click on it.
- In the Properties Window > General Tab that opens, click the "Stop" button.
- From the drop-down menu next to "Startup Type", click on "Disabled".
- Now click "Apply", then "OK" and close any open windows.
Click on Start > Settings > Control Panel > Add/Remove Programs > highlight and remove all references to Viewpoint - i.e. Viewpoint, Viewpoint Manager, Viewpoint Media Player.
Finally, delete the following folders if they still exist:
C:\Program Files\ViewManager\ <-- and delete this folder
C:\Program Files\Viewpoint\ <-- and delete this folder
I also recommend you uninstall Zone alarm spyblocker,
Since recently, Zonealarm decided to include a "ZoneAlarm Spy Blocker toolbar" as well which is an optional during install.
However, this Toolbar now uses the AskJeeves/Ask.com searchengine.
More info: here.
This Toolbar is not recommened. See here: here.
Source: SpywareInfo/minkiemoes
Post back a fresh log.
- Status
